DEV Community

Cover image for Browser Fingerprinting
Rachel Williams
Rachel Williams

Posted on

Browser Fingerprinting

What is Fingerprinting?

Recently I had an interview where my interviewer mentioned fingerprinting as a way to recognize a particular user. I hadn't heard much about it and was intrigued so I decided to do some research on the topic.

Browser fingerprinting is a method used to partially or fully identify a user based on information collected about the user's browser, computer, preferred language and more. Although you might expect that many people would have the same setup on their device as you, it is rare that two user's fingerprint is similar. In fact, according to this article, "only 1 in 286,777 other browsers will share the same fingerprint as another user."

How Fingerprinting Works

Most tech-savvy people are aware that your web traffic can be tracked with cookies or that your location can be determined with your IP address. However, fingerprinting can still partially or fully identify you without either of these things.

With fingerprinting, client-side scripting is used to collect a wide variety of data about you including your operating system, OS version, browser, browser version, screen resolution, list of plugins and much, much more.

Fingerprinting doesn't require cookies. JavaScript knows information about your screen resolution, device size and more to be able to display web applications properly. If you open your developer tools, and type navigator.userAgent you will see your device's user-agent in the console. This has information about your browser, computer, operating system and more. There are other commands you can use such as navigator.plugins to view what plugins you have installed.

HTML5 Canvas

Another way for companies to get data for fingerprinting is by using HTML5's canvas element. This element is used to draw graphics on a web page via JavaScript. Developers will use this feature to draw graphics on your device. Since different devices render images differently, the rendered canvas graphic can be sent through a hash function to create a unique ID for fingerprinting.

Why is Fingerprinting Used?

These days, companies are doing everything they can to collect data about their users. This data can be used to improve marketing, improve the user experience, it can be sold to advertisers, and more. However, it is also used for security and authentication and in fact was originally developed to prevent security risks for users. Ultimately though, fingerprinting is a privacy issue and I think everyone should be aware of it.

Can You Stop It?

There are different ways to prevent fingerprinting if you are worried about your privacy. You can block all JavaScript with an add-on such as NoScript, however this will change the functionality of many websites unless you allow JavaScript to run on them. You can try to use the most popular browser and version, but this is quite hard to do.

The most promising option I found is that the newest Firefox browser protects you against fingerprinting. It blocks "third-party requests to companies that are known to participate in fingerprinting."

Are you Unique?

If you would like to see if you are unique, check out this website. The website checks things like your list of plugins, language header, timezone, presence of adblock and more to see if you are unique.

Thank You

Thank you for taking the time to read this post. What are your thoughts on internet privacy and fingerprinting?

Fingerprint Gif

Additional Resources

Top comments (7)

Collapse
 
awalias profile image
awalias

It's 5 years dated - but I once built a chrome extension that spoofs some of the most commonly tracked metrics, which if someone is using a hash based fingerprint will provide some basic defense: github.com/awalias/ape

Collapse
 
racheladaw profile image
Rachel Williams

That's an awesome project! I will check it out.

Collapse
 
matthijsewoud profile image
⚡️

It’s worth noting that browsers, especially Firefox and Safari, are actively combatting fingerprinting: gizmodo.com/apple-declares-war-on-...

While neat, it’s not reliable to use as identification. A better way might be an anonymous hash, like the cloud saves that DuckDuckGo uses for setting storage.

Collapse
 
racheladaw profile image
Rachel Williams

Thank you for the info! Yeah, it appears that the newest version of Firefox protects against fingerprinting which is great!

Collapse
 
dividedbynil profile image
Kane Ong

Great post! Have you taken a look at cross-device fingerprinting?
en.wikipedia.org/wiki/Cross-device...

Collapse
 
racheladaw profile image
Rachel Williams

I briefly read about it during my research, but definitely want to learn more. It is super interesting and frankly quite spooky. Thanks for the info!

Collapse
 
racheladaw profile image
Rachel Williams

Thank you for reading!